[Chromium] Crash in HarfbuzzFace::~HarfbuzzFace

https://bugs.webkit.org/show_bug.cgi?id=66211 Holds Skia's unique font ID instead of FontPlatformData to avoid accessing freed FontPlatformData. Reviewed by Tony Chang. No new tests; no functional change. * platform/graphics/chromium/HarfbuzzSkia.cpp: (WebCore::releaseCachedHarfbuzzFace): Changed the argument. (WebCore::HarfbuzzFace::HarfbuzzFace): Changed to have Skia's font uniqueID instead of FontPlatformData. (WebCore::HarfbuzzFace::~HarfbuzzFace): Uses m_uniqueID to call releaseCachedHarfbuzzFace. * platform/graphics/chromium/HarfbuzzSkia.h: git-svn-id: svn://svn.chromium.org/blink/trunk@93216 bbb929c8-8fbe-4397-9dbb-9b2b20218538

[Chromium] Crash in HarfbuzzFace::~HarfbuzzFace
https://bugs.webkit.org/show_bug.cgi?id=66211 Holds Skia's unique font ID instead of FontPlatformData to avoid accessing freed FontPlatformData. Reviewed by Tony Chang. No new tests; no functional change. * platform/graphics/chromium/HarfbuzzSkia.cpp: (WebCore::releaseCachedHarfbuzzFace): Changed the argument. (WebCore::HarfbuzzFace::HarfbuzzFace): Changed to have Skia's font uniqueID instead of FontPlatformData. (WebCore::HarfbuzzFace::~HarfbuzzFace): Uses m_uniqueID to call releaseCachedHarfbuzzFace. * platform/graphics/chromium/HarfbuzzSkia.h: git-svn-id: svn://svn.chromium.org/blink/trunk@93216 bbb929c8-8fbe-4397-9dbb-9b2b20218538
ceb67d92 · bashi@chromium.org · ab903342 · ceb67d92 · ceb67d92 · ceb67d92
Commit ceb67d92 authored Aug 17, 2011 by bashi@chromium.org
3 changed files
--- a/third_party/WebKit/Source/WebCore/ChangeLog
+++ b/third_party/WebKit/Source/WebCore/ChangeLog
+2011-08-17  Kenichi Ishibashi  <bashi@chromium.org>
+
+        [Chromium] Crash in HarfbuzzFace::~HarfbuzzFace
+        https://bugs.webkit.org/show_bug.cgi?id=66211
+
+        Holds Skia's unique font ID instead of FontPlatformData to avoid accessing freed FontPlatformData.
+
+        Reviewed by Tony Chang.
+
+        No new tests; no functional change.
+
+        * platform/graphics/chromium/HarfbuzzSkia.cpp:
+        (WebCore::releaseCachedHarfbuzzFace): Changed the argument.
+        (WebCore::HarfbuzzFace::HarfbuzzFace): Changed to have Skia's font uniqueID instead of FontPlatformData.
+        (WebCore::HarfbuzzFace::~HarfbuzzFace): Uses m_uniqueID to call releaseCachedHarfbuzzFace.
+        * platform/graphics/chromium/HarfbuzzSkia.h:
+
 2011-08-17  Jeff Miller  <jeffm@apple.com>

        Re-sort the WebCore project with Visual Studio after recent changes that I assume were done by manually editing the XML.
--- a/third_party/WebKit/Source/WebCore/platform/graphics/chromium/HarfbuzzSkia.cpp
+++ b/third_party/WebKit/Source/WebCore/platform/graphics/chromium/HarfbuzzSkia.cpp
@@ -246,9 +246,8 @@ static HB_FaceRec_* getCachedHarfbuzzFace(FontPlatformData* platformData)
    return result.get()->second.first;
 }

-static void releaseCachedHarfbuzzFace(FontPlatformData* platformData)
+static void releaseCachedHarfbuzzFace(SkFontID uniqueID)
 {
-    SkFontID uniqueID = platformData->uniqueID();
    HarfbuzzFaceCache::iterator result = gHarfbuzzFaceCache->find(uniqueID);
    ASSERT(result != gHarfbuzzFaceCache->end());
    ASSERT(result.get()->second.second > 0);
@@ -260,14 +259,14 @@ static void releaseCachedHarfbuzzFace(FontPlatformData* platformData)
 }

 HarfbuzzFace::HarfbuzzFace(FontPlatformData* platformData)
-    : m_platformData(platformData)
+    : m_uniqueID(platformData->uniqueID())
 {
-    m_harfbuzzFace = getCachedHarfbuzzFace(m_platformData);
+    m_harfbuzzFace = getCachedHarfbuzzFace(platformData);
 }

 HarfbuzzFace::~HarfbuzzFace()
 {
-    releaseCachedHarfbuzzFace(m_platformData);
+    releaseCachedHarfbuzzFace(m_uniqueID);
 }

 }  // namespace WebCore
--- a/third_party/WebKit/Source/WebCore/platform/graphics/chromium/HarfbuzzSkia.h
+++ b/third_party/WebKit/Source/WebCore/platform/graphics/chromium/HarfbuzzSkia.h
@@ -55,7 +55,7 @@ public:
 private:
    explicit HarfbuzzFace(FontPlatformData*);

-    FontPlatformData* m_platformData;
+    uint32_t m_uniqueID;
    HB_FaceRec_* m_harfbuzzFace;
 };